CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 1CVE-2022-2905
https://notcve.org/view.php?id=CVE-2022-2905
An out-of-bounds memory read flaw was found in the Linux kernel's BPF subsystem in how a user calls the bpf_tail_call function with a key larger than the max_entries of the map. This flaw allows a local user to gain unauthorized access to data. Se ha encontrado un fallo de lectura de memoria fuera de límites en el subsistema BPF del kernel de Linux en la forma en que un usuario llama a la función bpf_tail_call con una clave mayor que el max_entries del mapa. Este fallo permite a un usuario local conseguir acceso no autorizado a los datos • https://bugzilla.redhat.com/show_bug.cgi?id=2121800 https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html https://lore.kernel.org/bpf/984b37f9fdf7ac36831d2137415a4a915744c1b6.1661462653.git.daniel%40iogearbox.net • CWE-125: Out-of-bounds Read •
CVSS: 4.7EPSS: 0%CPEs: 4EXPL: 0CVE-2022-40307
https://notcve.org/view.php?id=CVE-2022-40307
An issue was discovered in the Linux kernel through 5.19.8. drivers/firmware/efi/capsule-loader.c has a race condition with a resultant use-after-free. Se ha detectado un problema en el kernel de Linux versiones hasta 5.19.8. El archivo drivers/firmware/efi/capsule-loader.c presenta una condición de carrera con un uso de memoria previamente liberada resultante • https://github.com/torvalds/linux/commit/9cb636b5f6a8cc6d1b50809ec8f8d33ae0c84c95 https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html https://www.debian.org/security/2022/dsa-5257 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 6.1EPSS: 0%CPEs: 7EXPL: 0CVE-2022-39842
https://notcve.org/view.php?id=CVE-2022-39842
An issue was discovered in the Linux kernel before 5.19. In pxa3xx_gcu_write in drivers/video/fbdev/pxa3xx-gcu.c, the count parameter has a type conflict of size_t versus int, causing an integer overflow and bypassing the size check. After that, because it is used as the third argument to copy_from_user(), a heap overflow may occur. NOTE: the original discoverer disputes that the overflow can actually happen. Se ha detectado un problema en el kernel de Linux versiones anteriores a 5.19. • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.19 https://github.com/torvalds/linux/commit/a09d2d00af53b43c6f11e6ab3cb58443c2cac8a7 https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html https://lore.kernel.org/all/YylaC1wHHyLw22D3%40kadam/T https://www.debian.org/security/2022/dsa-5257 • CWE-190: Integer Overflow or Wraparound •
CVSS: 4.7EPSS: 0%CPEs: 4EXPL: 0CVE-2022-39188 – kernel: unmap_mapping_range() race with munmap() on VM_PFNMAP mappings leads to stale TLB entry
https://notcve.org/view.php?id=CVE-2022-39188
An issue was discovered in include/asm-generic/tlb.h in the Linux kernel before 5.19. Because of a race condition (unmap_mapping_range versus munmap), a device driver can free a page while it still has stale TLB entries. This only occurs in situations with VM_PFNMAP VMAs. Se ha detectado un problema en el archivo include/asm-generic/tlb.h en el kernel de Linux versiones anteriores a 5.19. Debido a una condición de carrera (unmap_mapping_range frente a munmap), un controlador de dispositivo puede liberar una página mientras todavía presenta entradas de TLB antiguas. • https://bugs.chromium.org/p/project-zero/issues/detail?id=2329 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.19 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b67fbebd4cf980aecbcc750e1462128bffe8ae15 https://github.com/torvalds/linux/commit/b67fbebd4cf980aecbcc750e1462128bffe8ae15 https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html https://lore.kernel.org/stable/CAG48ez3SEqOPcPCYGHVZv4iq • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-39190 – kernel: nf_tables disallow binding to already bound chain
https://notcve.org/view.php?id=CVE-2022-39190
An issue was discovered in net/netfilter/nf_tables_api.c in the Linux kernel before 5.19.6. A denial of service can occur upon binding to an already bound chain. Se ha detectado un problema en el archivo net/netfilter/nf_tables_api.c en el kernel de Linux versiones anteriores a 5.19.6. Puede producirse una denegación de servicio al vincularse a una cadena ya vinculada A flaw was found in net/netfilter/nf_tables_api.c in the Linux kernel. A denial of service can occur upon binding to an already bound chain. • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.19.6 https://github.com/torvalds/linux/commit/e02f0d3970404bfea385b6edb86f2d936db0ea2b https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html https://lore.kernel.org/all/20220824220330.64283-12-pablo%40netfilter.org https://twitter.com/pr0Ln https://access.redhat.com/security/cve/CVE-2022-39190 https://bugzilla.redhat.com/show_bug.cgi?id=2129152 • CWE-392: Missing Report of Error Condition •